blue-team-tools

Author	SHA1	Message	Date
$frack113$ frack113	d6059d801b	Filename normalisation	2023-01-07 08:52:11 +01:00
Nasreddine Bencherchali	ea4b844c8e	fix: broken selections	2023-01-06 17:28:29 +01:00
Nasreddine Bencherchali	7e73028c5e	feat: updates and enhancements	2023-01-06 16:35:34 +01:00
$frack113$ frack113	756a248032	update logsource	2023-01-04 18:52:24 +01:00
$frack113$ frack113	8720356684	Update field name	2023-01-02 15:49:45 +01:00
$frack113$ frack113	b13a74adc9	Update from review	2023-01-02 12:05:54 +01:00
$frack113$ frack113	5e09d46226	Update rules/windows/builtin/dns_server_analytical/win_apt_gallium.yml Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2023-01-02 11:56:08 +01:00
$frack113$ frack113	0e8d1f9b0d	Check field name	2023-01-02 10:59:51 +01:00
Florian Roth	f3abafed94	fix: Windows Defender detection	2022-12-28 20:52:53 +01:00
Nasreddine Bencherchali	a1038670aa	feat: add new reference	2022-12-28 16:17:46 +01:00
Korving-F	bf79fa78bc	Updates modified timestamp	2022-12-28 14:52:27 +02:00
Frank Korving	0f55e70a4f	Update win_ldap_recon.yml Adds additional IOC for [bloodhound.py](https://github.com/fox-it/BloodHound.py/blob/master/bloodhound/ad/domain.py#L427).	2022-12-28 13:45:37 +02:00
Nasreddine Bencherchali	a25027fef8	fix: rename links from old repo to SigmaHQ	2022-12-27 21:05:16 +01:00
$frack113$ frack113	7060db3d47	Promotion rules (#3821 ) * Promotion rules * fix missing null * fix: modified date Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>	2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali	e6baac1bf2	fix: exclude teamviewer fp & reduce severity	2022-12-23 20:50:38 +01:00
Nasreddine Bencherchali	21f5bf8536	feat: new rules related to rat software based on #2841	2022-12-23 20:42:51 +01:00
Nasreddine Bencherchali	03cc78e916	feat: filename test enhancements (#3812 )	2022-12-23 09:25:16 +01:00
Nasreddine Bencherchali	3fc4390767	Merge pull request #3809 from qasimqlf/patch-18 fix: updated targetUserName and ipAddress	2022-12-22 15:16:52 +01:00
Nasreddine Bencherchali	e61795a1ea	feat: proxynotshell owa variant rules	2022-12-22 12:10:29 +01:00
Qasim Qlf	29377ddfff	fix: updated targetUserName and ipAddress	2022-12-22 14:16:25 +05:00
Nasreddine Bencherchali	beccf416da	feat: add two new rules	2022-12-20 23:44:44 +01:00
Nasreddine Bencherchali	ec63adb32f	fix: update title	2022-12-14 23:12:23 +01:00
Nasreddine Bencherchali	79e83766eb	feat: update ldap rule with additional strings	2022-12-14 16:52:04 +01:00
Nasreddine Bencherchali	5232094c71	fix: more fp found in testing and enhance fp metadata	2022-12-13 11:25:23 +01:00
Nasreddine Bencherchali	681c720509	fix: fp in user_driver_loaded rule	2022-12-12 22:30:08 +01:00
Nasreddine Bencherchali	1cfd7794d2	fix: fix FP found in testing	2022-12-12 13:40:55 +01:00
Nasreddine Bencherchali	7c7057d9d3	fix: rename .net etw tamper rules	2022-12-09 18:06:58 +01:00
Nasreddine Bencherchali	89e44d46cb	feat: update .net etw tamper rules	2022-12-09 18:06:20 +01:00
Nasreddine Bencherchali	559b4c4e97	Merge branch 'nasbench-rule-devel' of https://github.com/nasbench/sigma into nasbench-rule-devel	2022-12-09 13:41:21 +01:00
Florian Roth	356ab98ada	fix: FPs with Important Scheduled Task Deleted	2022-12-09 12:55:41 +01:00
Nasreddine Bencherchali	0783d6df22	feat: update Lsass-Shtinkering rules	2022-12-09 12:22:50 +01:00
Nasreddine Bencherchali	6f6cb9648d	fix: fp found in testing	2022-12-09 10:33:52 +01:00
Nasreddine Bencherchali	fa318243c2	Merge branch 'SigmaHQ:master' into nasbench-rule-devel	2022-12-08 19:22:11 +01:00
Nasreddine Bencherchali	80ef3b70dc	fix: broken single item lists	2022-12-08 16:23:58 +01:00
Nasreddine Bencherchali	18c3c8528d	fix: remove tamper protection value	2022-12-08 12:13:14 +01:00
Nasreddine Bencherchali	0567ca8ca3	fix: fix unused selection	2022-12-08 11:57:40 +01:00
Nasreddine Bencherchali	f12975bc6b	fix: update description Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2022-12-07 22:34:56 +01:00
Nasreddine Bencherchali	b1a657b7de	fix: add spaces to avoid fp with other keys	2022-12-07 22:27:27 +01:00
Nasreddine Bencherchali	9a5a0fed20	feat: update test to include more cases	2022-12-07 22:21:05 +01:00
Nasreddine Bencherchali	1d749cee54	fix: duplicate id	2022-12-07 02:44:31 +01:00
Nasreddine Bencherchali	899b1606f8	fix: duplicate id	2022-12-07 02:38:19 +01:00
Nasreddine Bencherchali	a425ef65e5	feat: update metadata and add more cases for rules	2022-12-07 02:26:21 +01:00
Nasreddine Bencherchali	a7bfb349ee	fix: fix fp found in testing	2022-12-07 02:25:52 +01:00
Nasreddine Bencherchali	850d4fcd50	feat: update windefend rules	2022-12-07 00:20:56 +01:00
Nasreddine Bencherchali	42b99b165d	feat: new rules and fixes (#3759 ) Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>	2022-12-06 12:13:20 +01:00
Florian Roth	e493a41bc6	Merge pull request #3757 from SigmaHQ/aurora-false-positive-fixing fix: FPs noticed in Nextron testing CI	2022-12-05 18:54:31 +01:00
Florian Roth	1796502b90	fix: FPs noticed in Nextron testing CI	2022-12-05 17:39:42 +01:00
$frack113$ frack113	54739006a9	Fix workflow warning	2022-12-04 15:29:08 +01:00
Nasreddine Bencherchali	b6492e731b	feat: general updates and fixes	2022-12-02 23:16:03 +01:00
$frack113$ frack113	a674ee246b	Update Title (#3739 )	2022-11-30 11:44:15 +01:00

1 2 3 4 5 ...

1428 Commits